Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/9639b2-a9da-4373-b651-8637abf731f3/1/4H0fyEuWerWSzlXNq07JkJiw5qA.roa
File:                     4H0fyEuWerWSzlXNq07JkJiw5qA.roa (raw, json)
Hash identifier:          OZ0H4XnFLpq2naTP+hDFTCWoPnUMjKiyZzgXftrXUF0=
Subject key identifier:   E0:7D:1F:C8:4B:96:7A:B5:92:CE:55:CD:AB:4E:C9:90:98:B0:E6:A0
Certificate issuer:       /CN=e8965057f4aa099b0a919f3f0bd4a6488e30c348
Certificate serial:       018CC64B7F111A549EEFF6E1779165FA69F6
Authority key identifier: E8:96:50:57:F4:AA:09:9B:0A:91:9F:3F:0B:D4:A6:48:8E:30:C3:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6JZQV_SqCZsKkZ8_C9SmSI4ww0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/9639b2-a9da-4373-b651-8637abf731f3/1/4H0fyEuWerWSzlXNq07JkJiw5qA.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        2001:67c:262c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/9639b2-a9da-4373-b651-8637abf731f3/1/6JZQV_SqCZsKkZ8_C9SmSI4ww0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/9639b2-a9da-4373-b651-8637abf731f3/1/6JZQV_SqCZsKkZ8_C9SmSI4ww0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6JZQV_SqCZsKkZ8_C9SmSI4ww0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7f:11:1a:54:9e:ef:f6:e1:77:91:65:fa:69:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8965057f4aa099b0a919f3f0bd4a6488e30c348
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e07d1fc84b967ab592ce55cdab4ec99098b0e6a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:87:6c:8e:73:09:d7:d9:21:ba:82:bf:ed:9f:
                    8b:80:3b:4b:3f:05:47:bb:2f:a1:4c:a6:94:e6:7e:
                    d5:8b:51:97:3c:dd:0d:b1:94:68:82:30:8e:bb:d5:
                    69:d8:c0:7f:35:7d:45:dc:5d:be:f3:be:fa:85:2d:
                    96:93:c1:e5:24:ce:ee:1c:45:29:2f:bd:9a:d5:71:
                    8c:40:1e:f2:95:8d:b4:13:38:43:d2:a0:78:75:63:
                    8c:0f:3c:9d:6e:57:4d:d0:83:e4:15:7e:0c:50:02:
                    7f:93:1e:2b:a3:58:b3:41:1b:a3:0f:ef:0e:06:26:
                    cd:4d:05:b1:93:cb:5f:56:0a:d7:bc:7f:96:09:9f:
                    3e:5b:11:39:7e:eb:cb:5e:8a:25:04:55:37:3d:91:
                    45:1d:01:75:41:09:6d:77:f5:31:5e:48:75:e1:ac:
                    10:bd:22:64:99:42:ff:b4:ec:33:b3:9e:97:ae:16:
                    29:de:75:b8:b8:8c:36:01:03:37:b3:9b:3d:15:3a:
                    61:9c:0f:43:52:66:40:ca:b6:07:bf:26:ae:47:a4:
                    45:16:66:90:ba:93:35:b6:b9:8d:ad:f7:ff:ce:cc:
                    cd:a6:63:30:6a:bf:8d:63:8b:c7:29:0a:98:5b:e6:
                    a0:b9:ec:dc:2a:55:cb:61:bc:fb:1c:f1:8e:3d:d0:
                    f2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:7D:1F:C8:4B:96:7A:B5:92:CE:55:CD:AB:4E:C9:90:98:B0:E6:A0
            X509v3 Authority Key Identifier:
                keyid:E8:96:50:57:F4:AA:09:9B:0A:91:9F:3F:0B:D4:A6:48:8E:30:C3:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6JZQV_SqCZsKkZ8_C9SmSI4ww0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/9639b2-a9da-4373-b651-8637abf731f3/1/4H0fyEuWerWSzlXNq07JkJiw5qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/9639b2-a9da-4373-b651-8637abf731f3/1/6JZQV_SqCZsKkZ8_C9SmSI4ww0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:262c::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:db:52:eb:ab:7a:c7:84:aa:67:86:eb:ac:53:b6:b1:f0:64:
         9c:8c:1a:34:73:11:8f:99:d2:1d:b7:40:0a:aa:7d:ac:18:7b:
         0d:42:c6:af:bd:55:4d:cd:a9:f6:aa:8e:d0:80:db:d0:f0:4a:
         03:02:0c:de:2d:d8:f8:94:60:c3:42:2b:c4:4b:1c:dc:52:f1:
         d5:38:83:39:a5:35:ee:e4:93:ee:24:a1:7b:52:04:c4:e0:ce:
         84:d5:25:0d:39:55:89:38:0b:b4:6b:83:f4:4a:34:b9:87:ca:
         2d:6c:76:c6:de:44:fe:c6:fe:ad:06:77:a3:7e:be:e2:24:35:
         c1:51:f3:9c:0e:41:c6:1b:e0:62:22:ad:d5:55:05:b1:3d:41:
         4a:0e:c6:15:d8:91:df:70:53:a4:f7:ce:a3:32:4d:c9:e0:e5:
         f2:80:a4:1b:ee:60:41:73:e1:f2:50:0c:86:30:6a:23:91:7d:
         6c:7c:db:0b:f8:0f:13:dd:e6:c0:62:76:87:96:34:f3:6a:55:
         b7:a7:f9:5d:89:55:54:86:77:d8:48:cb:d9:ef:92:6b:84:89:
         95:49:96:14:50:c5:b6:dc:c5:04:b7:40:cc:0a:e9:7f:ce:c0:
         c7:96:08:b7:65:28:5d:7c:09:be:09:9b:5f:10:17:a7:27:58:
         a6:31:84:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGS38RGlSe7/bhd5Fl+mn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4OTY1MDU3ZjRhYTA5OWIwYTkxOWYzZjBiZDRhNjQ4OGUz
MGMzNDgwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDdkMWZjODRiOTY3YWI1OTJjZTU1Y2RhYjRlYzk5MDk4YjBlNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIdsjnMJ19khuoK/7Z+LgDtLPwVH
uy+hTKaU5n7Vi1GXPN0NsZRogjCOu9Vp2MB/NX1F3F2+8776hS2Wk8HlJM7uHEUp
L72a1XGMQB7ylY20EzhD0qB4dWOMDzydbldN0IPkFX4MUAJ/kx4ro1izQRujD+8O
BibNTQWxk8tfVgrXvH+WCZ8+WxE5fuvLXoolBFU3PZFFHQF1QQltd/UxXkh14awQ
vSJkmUL/tOwzs56XrhYp3nW4uIw2AQM3s5s9FTphnA9DUmZAyrYHvyauR6RFFmaQ
upM1trmNrff/zszNpmMwar+NY4vHKQqYW+aguezcKlXLYbz7HPGOPdDyKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOB9H8hLlnq1ks5VzatOyZCYsOagMB8GA1UdIwQY
MBaAFOiWUFf0qgmbCpGfPwvUpkiOMMNIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkpaUVZfU3FDWnNLa1o4X0M5U21TSTR3dzBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS85NjM5YjItYTlkYS00MzczLWI2NTEt
ODYzN2FiZjczMWYzLzEvNEgwZnlFdVdlcldTemxYTnEwN0prSml3NXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS85NjM5YjItYTlkYS00MzczLWI2NTEtODYzN2FiZjczMWYz
LzEvNkpaUVZfU3FDWnNLa1o4X0M5U21TSTR3dzBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCYs
MA0GCSqGSIb3DQEBCwUAA4IBAQAx21Lrq3rHhKpnhuusU7ax8GScjBo0cxGPmdId
t0AKqn2sGHsNQsavvVVNzan2qo7QgNvQ8EoDAgzeLdj4lGDDQivESxzcUvHVOIM5
pTXu5JPuJKF7UgTE4M6E1SUNOVWJOAu0a4P0SjS5h8otbHbG3kT+xv6tBnejfr7i
JDXBUfOcDkHGG+BiIq3VVQWxPUFKDsYV2JHfcFOk986jMk3J4OXygKQb7mBBc+Hy
UAyGMGojkX1sfNsL+A8T3ebAYnaHljTzalW3p/ldiVVUhnfYSMvZ75JrhImVSZYU
UMW23MUEt0DMCul/zsDHlgi3ZShdfAm+CZtfEBenJ1imMYSE
-----END CERTIFICATE-----